Reaper IoT botnet 'only partially mobilised'

Report finds up to two million infected devices have yet to be activated

Despite the Reaper botnet receiving widespread coverage over the past few weeks, it seems it's not as powerful as security researchers first thought, as many of its bots are not actually operating to disable networks.

Although there are between 10,000 and 20,000 bots launching attacks, another two million hosts that have the potential to become part of it have for some reason not been launched, according to a report by Arbor Networks.

"Possible explanations include: misidentification due to flaws in the scanning code, scalability/performance issues in the Reaper code injection infrastructure, or a deliberate decision by the Reaper botmasters to throttle back the propagation mechanism," the company said in its analysis of the threat.

Advertisement - Article continues below

It's likely that Reaper may have been created to form part of a booter/stresser service for the Chinese DDoS-for-hire market, according to the report, as deeper research into the botnet's behaviour revealed that some of its code appears to be based upon the more powerful Mirai IoT malware.

"While Reaper is capable of launching SYN-floods, ACK-floods, HTTP floods, and DNS reflection/amplification attacks, it is likely to have other, yet-to-be-determined DDoS attack capabilities, as well," Arbor's Security Engineering & Response Team (ASERT) said in a blog post.

Advertisement - Article continues below

The Reaper botnet was first discovered by Qihoo 360 Netlab last month and since its discovery, it's been adapted to pose a threat to a range of connected devices including IP-based cameras, routers, storage boxes and Wi-Fi points from vendors including D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys, and Synology.

Netgear released a statement saying it's continuously adapting its firmware and security patches to make sure products are as protected as well as they can be.

"Netgear appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats," it said. "Being proactive rather than reactive to emerging security issues is a fundamental belief at Netgear."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020

UK to ban Huawei from 5G networks 'within weeks'

6 Jul 2020